mirror of
https://github.com/apache/cloudstack.git
synced 2025-10-26 08:42:29 +01:00
330 lines
16 KiB
Python
330 lines
16 KiB
Python
# Licensed to the Apache Software Foundation (ASF) under one
|
|
# or more contributor license agreements. See the NOTICE file
|
|
# distributed with this work for additional information
|
|
# regarding copyright ownership. The ASF licenses this file
|
|
# to you under the Apache License, Version 2.0 (the
|
|
# "License"); you may not use this file except in compliance
|
|
# with the License. You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing,
|
|
# software distributed under the License is distributed on an
|
|
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
# KIND, either express or implied. See the License for the
|
|
# specific language governing permissions and limitations
|
|
# under the License.
|
|
import time
|
|
|
|
from nose.plugins.attrib import attr
|
|
|
|
from marvin.cloudstackAPI import updateConfiguration
|
|
from marvin.cloudstackException import CloudstackAPIException
|
|
from marvin.cloudstackTestCase import cloudstackTestCase
|
|
from marvin.lib.base import Network, NetworkOffering, VpcOffering, VPC, PublicIPAddress
|
|
from marvin.lib.common import get_domain, get_zone
|
|
|
|
|
|
class Services:
|
|
""" Test Quarantine for public IPs
|
|
"""
|
|
|
|
def __init__(self):
|
|
self.services = {
|
|
"root_domain": {
|
|
"name": "ROOT",
|
|
},
|
|
"domain_admin": {
|
|
"username": "Domain admin",
|
|
"roletype": 2,
|
|
},
|
|
"root_admin": {
|
|
"username": "Root admin",
|
|
"roletype": 1,
|
|
},
|
|
"domain_vpc": {
|
|
"name": "domain-vpc",
|
|
"displaytext": "domain-vpc",
|
|
"cidr": "10.1.1.0/24",
|
|
},
|
|
"domain_network": {
|
|
"name": "domain-network",
|
|
"displaytext": "domain-network",
|
|
},
|
|
"root_vpc": {
|
|
"name": "root-vpc",
|
|
"displaytext": "root-vpc",
|
|
"cidr": "10.2.1.0/24",
|
|
},
|
|
"root_network": {
|
|
"name": "root-network",
|
|
"displaytext": "root-network",
|
|
}
|
|
}
|
|
|
|
|
|
class TestQuarantineIPs(cloudstackTestCase):
|
|
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
cls.testClient = super(TestQuarantineIPs, cls).getClsTestClient()
|
|
cls.apiclient = cls.testClient.getApiClient()
|
|
|
|
cls.services = Services().services
|
|
cls.domain = get_domain(cls.apiclient)
|
|
cls.zone = get_zone(cls.apiclient, cls.testClient.getZoneForTests())
|
|
return
|
|
|
|
def setUp(self):
|
|
self.domain_admin_apiclient = self.testClient.getUserApiClient(self.services["domain_admin"]["username"],
|
|
self.services["root_domain"]["name"],
|
|
self.services["domain_admin"]["roletype"])
|
|
|
|
self.admin_apiclient = self.testClient.getUserApiClient(self.services["root_admin"]["username"],
|
|
self.services["root_domain"]["name"],
|
|
self.services["root_admin"]["roletype"])
|
|
|
|
"""
|
|
Set public.ip.address.quarantine.duration to 60 minutes
|
|
"""
|
|
update_configuration_cmd = updateConfiguration.updateConfigurationCmd()
|
|
update_configuration_cmd.name = "public.ip.address.quarantine.duration"
|
|
update_configuration_cmd.value = "1"
|
|
self.apiclient.updateConfiguration(update_configuration_cmd)
|
|
|
|
self.cleanup = []
|
|
return
|
|
|
|
def tearDown(self):
|
|
"""
|
|
Reset public.ip.address.quarantine.duration to 0 minutes
|
|
"""
|
|
update_configuration_cmd = updateConfiguration.updateConfigurationCmd()
|
|
update_configuration_cmd.name = "public.ip.address.quarantine.duration"
|
|
update_configuration_cmd.value = "0"
|
|
self.apiclient.updateConfiguration(update_configuration_cmd)
|
|
|
|
super(TestQuarantineIPs, self).tearDown()
|
|
|
|
def create_vpc(self, api_client, services):
|
|
# Get network offering
|
|
network_offering = NetworkOffering.list(api_client, name="DefaultIsolatedNetworkOfferingForVpcNetworks")
|
|
self.assertTrue(network_offering is not None and len(network_offering) > 0, "No VPC network offering")
|
|
|
|
# Getting VPC offering
|
|
vpc_offering = VpcOffering.list(api_client, name="Default VPC offering")
|
|
self.assertTrue(vpc_offering is not None and len(vpc_offering) > 0, "No VPC offerings found")
|
|
|
|
# Creating VPC
|
|
vpc = VPC.create(
|
|
apiclient=api_client,
|
|
services=services,
|
|
networkDomain="vpc.networkacl",
|
|
vpcofferingid=vpc_offering[0].id,
|
|
zoneid=self.zone.id,
|
|
domainid=self.domain.id,
|
|
start=False
|
|
)
|
|
|
|
self.cleanup.append(vpc)
|
|
self.assertTrue(vpc is not None, "VPC creation failed")
|
|
return vpc
|
|
|
|
@attr(tags=["advanced", "basic"], required_hardware="false")
|
|
def test_only_owner_can_allocate_ip_in_quarantine_vpc(self):
|
|
""" Test allocate IP in quarantine to VPC.
|
|
"""
|
|
# Creating Domain Admin VPC
|
|
domain_vpc = self.create_vpc(self.domain_admin_apiclient, self.services["domain_vpc"])
|
|
|
|
# Allocating source nat first
|
|
PublicIPAddress.create(self.domain_admin_apiclient,
|
|
zoneid=self.zone.id,
|
|
vpcid=domain_vpc.id)
|
|
|
|
# Getting available public IP address
|
|
ip_address = PublicIPAddress.list(self.domain_admin_apiclient, state="Free", listall=True)[0].ipaddress
|
|
|
|
self.debug(
|
|
f"creating public address with zone {self.zone.id} and vpc id {domain_vpc.id} and ip address {ip_address}.")
|
|
# Associating public IP address to Domain Admin account
|
|
public_ip = PublicIPAddress.create(self.domain_admin_apiclient,
|
|
zoneid=self.zone.id,
|
|
vpcid=domain_vpc.id,
|
|
ipaddress=ip_address)
|
|
self.assertIsNotNone(public_ip, "Failed to Associate IP Address")
|
|
self.assertEqual(public_ip.ipaddress.ipaddress, ip_address, "Associated IP is not same as specified")
|
|
|
|
self.debug(f"Disassociating public IP {public_ip.ipaddress.ipaddress}.")
|
|
public_ip.delete(self.domain_admin_apiclient)
|
|
|
|
# Creating Root Admin VPC
|
|
root_vpc = self.create_vpc(self.admin_apiclient, self.services["root_vpc"])
|
|
|
|
self.debug(f"Trying to allocate the same IP address {ip_address} that is still in quarantine.")
|
|
|
|
with self.assertRaises(CloudstackAPIException) as exception:
|
|
PublicIPAddress.create(self.admin_apiclient,
|
|
zoneid=self.zone.id,
|
|
vpcid=root_vpc.id,
|
|
ipaddress=ip_address)
|
|
self.assertIn(f"Failed to allocate public IP address [{ip_address}] as it is in quarantine.",
|
|
exception.exception.errorMsg)
|
|
|
|
# Owner should be able to allocate its IP in quarantine
|
|
public_ip = PublicIPAddress.create(self.domain_admin_apiclient,
|
|
zoneid=self.zone.id,
|
|
vpcid=domain_vpc.id,
|
|
ipaddress=ip_address)
|
|
self.assertIsNotNone(public_ip, "Failed to Associate IP Address")
|
|
self.assertEqual(public_ip.ipaddress.ipaddress, ip_address, "Associated IP is not same as specified")
|
|
|
|
@attr(tags=["advanced", "basic"], required_hardware="false")
|
|
def test_another_user_can_allocate_ip_after_quarantined_has_ended_vpc(self):
|
|
""" Test allocate IP to VPC after quarantine has ended.
|
|
"""
|
|
# Creating Domain Admin VPC
|
|
domain_vpc = self.create_vpc(self.domain_admin_apiclient, self.services["domain_vpc"])
|
|
|
|
# Allocating source nat first
|
|
PublicIPAddress.create(self.domain_admin_apiclient,
|
|
zoneid=self.zone.id,
|
|
vpcid=domain_vpc.id)
|
|
|
|
# Getting available public IP address
|
|
ip_address = PublicIPAddress.list(self.domain_admin_apiclient, state="Free", listall=True)[0].ipaddress
|
|
|
|
self.debug(
|
|
f"creating public address with zone {self.zone.id} and vpc id {domain_vpc.id} and ip address {ip_address}.")
|
|
# Associating public IP address to Domain Admin account
|
|
public_ip = PublicIPAddress.create(self.domain_admin_apiclient,
|
|
zoneid=self.zone.id,
|
|
vpcid=domain_vpc.id,
|
|
ipaddress=ip_address)
|
|
self.assertIsNotNone(public_ip, "Failed to Associate IP Address")
|
|
self.assertEqual(public_ip.ipaddress.ipaddress, ip_address, "Associated IP is not same as specified")
|
|
|
|
self.debug(f"Disassociating public IP {public_ip.ipaddress.ipaddress}.")
|
|
public_ip.delete(self.domain_admin_apiclient)
|
|
|
|
# Creating Root Admin VPC
|
|
root_vpc = self.create_vpc(self.admin_apiclient, self.services["root_vpc"])
|
|
|
|
self.debug(f"Trying to allocate the same IP address {ip_address} after the quarantine duration.")
|
|
|
|
time.sleep(60)
|
|
|
|
public_ip_2 = PublicIPAddress.create(self.admin_apiclient,
|
|
zoneid=self.zone.id,
|
|
vpcid=root_vpc.id,
|
|
ipaddress=ip_address)
|
|
self.assertIsNotNone(public_ip_2, "Failed to Associate IP Address")
|
|
self.assertEqual(public_ip_2.ipaddress.ipaddress, ip_address, "Associated IP is not same as specified")
|
|
|
|
@attr(tags=["advanced", "basic"], required_hardware="false")
|
|
def test_only_owner_can_allocate_ip_in_quarantine_network(self):
|
|
""" Test allocate IP in quarantine to network.
|
|
"""
|
|
network_offering = NetworkOffering.list(self.domain_admin_apiclient,
|
|
name="DefaultIsolatedNetworkOfferingWithSourceNatService")
|
|
domain_network = Network.create(self.domain_admin_apiclient,
|
|
zoneid=self.zone.id,
|
|
services=self.services["domain_network"],
|
|
networkofferingid=network_offering[0].id)
|
|
self.cleanup.append(domain_network)
|
|
|
|
# Allocating source nat first
|
|
PublicIPAddress.create(self.domain_admin_apiclient,
|
|
zoneid=self.zone.id,
|
|
networkid=domain_network.id)
|
|
|
|
# Getting available public IP address
|
|
ip_address = PublicIPAddress.list(self.domain_admin_apiclient, state="Free", listall=True)[0].ipaddress
|
|
|
|
self.debug(
|
|
f"creating public address with zone {self.zone.id} and network id {domain_network.id} and ip address {ip_address}.")
|
|
# Associating public IP address to Domain Admin account
|
|
public_ip = PublicIPAddress.create(self.domain_admin_apiclient,
|
|
zoneid=self.zone.id,
|
|
networkid=domain_network.id,
|
|
ipaddress=ip_address)
|
|
self.assertIsNotNone(public_ip, "Failed to Associate IP Address")
|
|
self.assertEqual(public_ip.ipaddress.ipaddress, ip_address, "Associated IP is not same as specified")
|
|
|
|
self.debug(f"Disassociating public IP {public_ip.ipaddress.ipaddress}.")
|
|
public_ip.delete(self.domain_admin_apiclient)
|
|
|
|
# Creating Root Admin network
|
|
root_network = Network.create(self.admin_apiclient,
|
|
zoneid=self.zone.id,
|
|
services=self.services["root_network"],
|
|
networkofferingid=network_offering[0].id)
|
|
self.cleanup.append(root_network)
|
|
self.debug(f"Trying to allocate the same IP address {ip_address} that is still in quarantine.")
|
|
|
|
with self.assertRaises(CloudstackAPIException) as exception:
|
|
PublicIPAddress.create(self.admin_apiclient,
|
|
zoneid=self.zone.id,
|
|
networkid=root_network.id,
|
|
ipaddress=ip_address)
|
|
self.assertIn(f"Failed to allocate public IP address [{ip_address}] as it is in quarantine.",
|
|
exception.exception.errorMsg)
|
|
|
|
# Owner should be able to allocate its IP in quarantine
|
|
public_ip = PublicIPAddress.create(self.domain_admin_apiclient,
|
|
zoneid=self.zone.id,
|
|
networkid=domain_network.id,
|
|
ipaddress=ip_address)
|
|
self.assertIsNotNone(public_ip, "Failed to Associate IP Address")
|
|
self.assertEqual(public_ip.ipaddress.ipaddress, ip_address, "Associated IP is not same as specified")
|
|
|
|
@attr(tags=["advanced", "basic"], required_hardware="false")
|
|
def test_another_user_can_allocate_ip_after_quarantined_has_ended_network(self):
|
|
""" Test allocate IP to network after quarantine has ended.
|
|
"""
|
|
network_offering = NetworkOffering.list(self.domain_admin_apiclient,
|
|
name="DefaultIsolatedNetworkOfferingWithSourceNatService")
|
|
domain_network = Network.create(self.domain_admin_apiclient,
|
|
zoneid=self.zone.id,
|
|
services=self.services["domain_network"],
|
|
networkofferingid=network_offering[0].id)
|
|
self.cleanup.append(domain_network)
|
|
# Allocating source nat first
|
|
PublicIPAddress.create(self.domain_admin_apiclient,
|
|
zoneid=self.zone.id,
|
|
networkid=domain_network.id)
|
|
|
|
# Getting available public IP address
|
|
ip_address = PublicIPAddress.list(self.domain_admin_apiclient, state="Free", listall=True)[0].ipaddress
|
|
|
|
self.debug(
|
|
f"creating public address with zone {self.zone.id} and network id {domain_network.id} and ip address {ip_address}.")
|
|
# Associating public IP address to Domain Admin account
|
|
public_ip = PublicIPAddress.create(self.domain_admin_apiclient,
|
|
zoneid=self.zone.id,
|
|
networkid=domain_network.id,
|
|
ipaddress=ip_address)
|
|
self.assertIsNotNone(public_ip, "Failed to Associate IP Address")
|
|
self.assertEqual(public_ip.ipaddress.ipaddress, ip_address, "Associated IP is not same as specified")
|
|
|
|
self.debug(f"Disassociating public IP {public_ip.ipaddress.ipaddress}.")
|
|
public_ip.delete(self.domain_admin_apiclient)
|
|
|
|
# Creating Root Admin VPC
|
|
root_network = Network.create(self.admin_apiclient,
|
|
zoneid=self.zone.id,
|
|
services=self.services["root_network"],
|
|
networkofferingid=network_offering[0].id)
|
|
self.cleanup.append(root_network)
|
|
|
|
self.debug(f"Trying to allocate the same IP address {ip_address} after the quarantine duration.")
|
|
|
|
time.sleep(60)
|
|
|
|
public_ip_2 = PublicIPAddress.create(self.admin_apiclient,
|
|
zoneid=self.zone.id,
|
|
networkid=domain_network.id,
|
|
ipaddress=ip_address)
|
|
self.assertIsNotNone(public_ip_2, "Failed to Associate IP Address")
|
|
self.assertEqual(public_ip_2.ipaddress.ipaddress, ip_address, "Associated IP is not same as specified")
|